File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JDBC and the fly likes Let MySQL MD5 or let Java MD5 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "Let MySQL MD5 or let Java MD5" Watch "Let MySQL MD5 or let Java MD5" New topic
Author

Let MySQL MD5 or let Java MD5

Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

I don't know if it really comes down to preference or performance, but I was wanting some opinions on this.
Should I let JAVA Security MD5 my passwords so that I can insert and verify passwords stored in MySQL, or should I just use MySQL's MD5 function in the SQL Statement?
The only thing I am concerned with if letting MySQL handle this is if I want to support different DB Vendors.
[ September 19, 2003: Message edited by: Gregg Bolinger ]

GenRocket - Experts at Building Test Data
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I like to let the database do it, although I agree that it is something that may introduce vendor-lockin.
The reason I prefer it in the database is that it enforces password security in the database. If Java is responsible you run the risk of someone accidentally or deliberately not encrypting the password.
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

Thanks David. I wonder how important multiple DB support is these days. To me, installing MySQL isn't that big of a deal, even if it is just for one app.
 
wood burning stoves
 
subject: Let MySQL MD5 or let Java MD5
 
Similar Threads
mysql encrypt()
Storing Passwords in MySQL
Encrypting/Decrypting passwords using sha or md5
encrypted username breaks sql
Why is Java's MD5 different from MySQL MD5?